{"id":36516,"date":"2024-11-30T02:31:55","date_gmt":"2024-11-30T01:31:55","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=36516"},"modified":"2024-12-07T06:31:54","modified_gmt":"2024-12-07T05:31:54","slug":"windows-server-2012-unofficial-0patch-fix-for-mow-0-day-vulnerability","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2024\/11\/30\/windows-server-2012-unofficial-0patch-fix-for-mow-0-day-vulnerability\/","title":{"rendered":"Windows Server 2012: Unofficial 0patch fix for MoW 0-day vulnerability"},"content":{"rendered":"

\"Windows\"[German<\/a>]ACROS Security has developed a fix for a previously unknown 0-day vulnerability in the Mark of the Web security feature of Windows Server 2012 and Server 2012 R2. The fix is available to customers via a 0patch micro-patch and enables the affected installations to be secured.<\/p>\n

<\/p>\n

Security researchers from ACROS Security have recently discovered a previously unknown 0-day vulnerability in Windows Server 2012 and Server 2012 R2. The vulnerability allows an attacker to bypass an enforced Mark of the Web security check for certain file types. This can be seen in the following tweet and the blog post Windows Server 2012 Mark of the Web Vulnerability (0day) – and Free Micropatches for it<\/a>.<\/p>\n

\"0patch<\/a><\/p>\n

The analysis revealed that the vulnerability has existed undetected in Windows Server 2012 for over two years and has not yet been patched by Microsoft. According to Mitja Kolsek, the vulnerability is even present on fully updated servers with extended security updates.<\/p>\n

ACROS Security has reported this problem to Microsoft and, as usual, issued micropatches for it. The micropatches can be used free of charge via the 0patch agent until Microsoft has provided an official update. ACROS Security does not disclose the details of the vulnerability, but provides some further information in the linked blog post. Micropatches have been provided for the following operating systems:<\/p>\n